Re: Assistance with file + ldap auth config moving from httpd 2.2 to 2.4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks to everybody for their support. With trace8 loglevel I saw the
problem was with the Active directory group membership. I reverted to
what I was using in apache 2.2 for that part:

Require ldap-filter memberOf:1.2.840.113556.1.4.1941:=cn=XymonAccess,OU=Aplicaciones,OU=Usuarios,DC=arsyslan,DC=es

Also, I removed AuthBasicAuthoritative off because it caused non-existent users to produce a 500 error instead of a 401.

Again, thank you very much for the help!

Eduardo Mayoral Jimeno (emayoral@xxxxxxxx)
Administrador de sistemas. Departamento de Plataformas. Arsys internet.
+34 941 620 145 ext. 5153

On 13/10/17 18:10, Eric Covener wrote:
> Can you crank up the loglevel to trace8? I believe there are some
> spurious error messages when authz modules are reporting their
> individual results vs. getting rolled up to RequireAny.
>
> On Fri, Oct 13, 2017 at 11:46 AM, Eduardo Mayoral <emayoral@xxxxxxxx> wrote:
>> Hi, Eric,
>>
>>     Thanks for your fast answer. The reason for the provider aliases is
>> that once I get this config working I would like to re-use it for about
>> 6 different directories.
>>
>>     However, I have tried to flatten the configuration according to your
>> suggestion. I repeated the tests, exact same result. Flattened config
>> follows:
>>
>>       AuthType Basic
>>       AuthName "Xymon user"
>>
>>       AuthBasicProvider file ldap
>>       AuthBasicAuthoritative off
>>
>>       AuthLDAPURL "ldap://REDACTED:3268
>> REDACTED:3268/DC=arsyslan,DC=es?sAMAccountName?sub?(objectClass=*)" NONE
>>       AuthLDAPBindDN "REDACTED@xxxxxxxxxxx"
>>       AuthLDAPBindPassword "REDACTED"
>>       AuthLDAPGroupAttributeIsDN on
>>       AuthLDAPGroupAttribute member
>>       AuthLDAPMaxSubGroupDepth 3
>>
>>       AuthUserFile /etc/xymon/xymonusers.htpasswd
>>       AuthGroupFile /etc/xymon/xymongroups.htpasswd
>>
>>
>>       <RequireAny>
>>         Require group XymonUsers
>>         Require ldap-group
>> cn=XymonAccess,OU=Aplicaciones,OU=Usuarios,DC=arsyslan,DC=es
>>       </RequireAny>
>>
>>
>> Eduardo Mayoral Jimeno (emayoral@xxxxxxxx)
>> Administrador de sistemas. Departamento de Plataformas. Arsys internet.
>> +34 941 620 145 ext. 5153
>>
>> On 13/10/17 16:47, Eric Covener wrote:
>>> On Fri, Oct 13, 2017 at 10:06 AM, Eduardo Mayoral <emayoral@xxxxxxxx> wrote:
>>>> Hi,
>>>>
>>>>     I am trying to move a web application from httpd 2.2 to httpd 2.4 ,
>>> I don't think all of those provider-aliases are necessary. Did you a
>>> try a more simpler/direct port of the config?
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux